Meet DHS' “Biometric Optical Surveillance System,” or BOSS.

Share this story

If you thought that license plate readers were fun, just wait until facial recognition gets better. Recall, facial recognition technology famously failed to catch the two Boston bombing suspects earlier this year, and it remains difficult to actually pull off quickly, accurately, and at a distance.

But according to new documents published by The New York Times on Wednesday, the tech is likely to improve in the near future. The documents show that the United States Department of Homeland Security (DHS) has a contract worth more than $5.155 million to create what’s been dubbed the “Biometric Optical Surveillance System (BOSS) at Stand-off Distance.” Included in the 67-pages worth of documents is a “statement of work”:

The DHS is responsible for the biometric identification of persons to determine if persons entering areas are currently on federal watch lists. To accomplish this task, DHS components require the ability to positively identify/screen individuals in a secure, efficient, accurate, and timely manner. This ability encompasses the collection, storage, transmission, and receipt of biometric and biographic data to support the component missions. The resulting capability will be portable and operable in a wide variety of areas and conditions (i.e. day/night, arid/humid climates, hot/cold temperature extremes.)

The output from these acquisition databases must be usable for searches of large-scale biometric databases (1 to many) and/or verification against a previously taken biometric sample (1 to 1).

. . .

The software will generate and identify a human subject 3-Dimensional facial biometric signature at stand-off distances up to 100 meters.

The primary contractor is Electronic Warfare Associates, a military contractor based in Kentucky. The contracted work took place between October 12, 2010 and November 16, 2012, although the document notes that the DHS “may give subsequent extension notices to the contractor in Writing for further performance in accordance with the contract.” The Times noted that a DHS official said that “research was continuing.”

However, if the government's current path down license plate reader deployment is any indication, once this technology becomes good enough, there will likely be federal grants to encourage local law enforcement to use such capabilities. Currently, license plate data is often pooled together into regional "fusion centers," which can then be more easily accessed by federal authorities. And if law enforcement agencies claim the authority to capture and store license plate data en masse for great periods of time, it doesn't take a great leap of logic to foresee this capability extended to facial recognition as well.

For now, that's still a bit off. As TheTimes noted, "[t]he agency set up six tests to determine the [facial recognition] technology’s overall accuracy, determining afterward that 'it was not ready for a DHS customer'—meaning that police departments should not buy it."

“It’s a question of whether the subject is cooperative or not.”

Anil Jain, a biometrics expert and professor of computer science at Michigan State University, told Ars that the holy grail of pulling a face off video footage remains generally difficult. This is particularly true when the known target is not “cooperative”—meaning, not in a controlled, well-lit environment where the target is looking straight at the camera with a blank expression.

“For [comparing a person against] a driver’s license, mug shots, passport photos, this problem has been solved in that we can achieve over 99 percent accuracy—unless the age difference that we are comparing is quite high—otherwise the facial recognition problem is solved,” Jain said. “The 100-meter issue is not a challenge. It’s a question of whether the subject is cooperative or not.”

The Tsarnaev brothers attempted to use baseball caps and downward glances to avoid being recognized on cameras. We asked Jain if that approach—wearing a baseball cap and sunglasses, moving one’s head all the time—could be one way to try to thwart a facial recognition camera.

“That’s true,” he said, noting that this difficulty of capturing a quality image was an endemic and inherent issue. It can't not necessarily be solved by more computing power.

“If you gave me 100 times better computing power today, it doesn't mean that I can guarantee extremely high levels of accuracy,” he added. “How do we recognize a person given only part of a face? You and I can recognize a person even when the face is covered, [but a computer can’t.]”

Jain added that such cameras “are here to stay.” Further, he says the ability of law enforcement to use the technology will only improve over time, and the political system needs to catch up.

“Linking a person from camera A to camera B—that’s tracking. If tracking can help in solving crimes, that’s one thing,” he concluded. “But if they’re doing it just to track ordinary citizens without purpose, that would be of concern. The only way to prohibit that is for the government to have some sort of regulation or guidelines under what circumstances we are analyzing the video data.”

Meanwhile, a privacy expert, Woodrow Hartzog, law professor at the Cumberland School of Law at Samford University, echoed this sentiment and noted that facial recognition tech is "problematic for a number of reasons."

"The first is that facial recognition technologies require a database of images to be checked against," he wrote in an e-mail to Ars. "While the databases being used now might seem limited, once the infrastructure is in place for widespread deployment of facial recognition technologies, it’s not hard to see that the demand for more data to feed the system will be hard to ignore for law enforcement officials. Additionally, facial recognition technologies can be used to erode 'privacy in public.' While many argue that we should not expect privacy in public places, I think many, if not most people would be alarmed if their day-to-day activities were recorded, aggregated, analyzed and linked back to them by name by law enforcement officials."

Share this story

Cyrus Farivar
Cyrus is a Senior Tech Policy Reporter at Ars Technica, and is also a radio producer and author. His latest book, Habeas Data, about the legal cases over the last 50 years that have had an outsized impact on surveillance and privacy law in America, is out now from Melville House. He is based in Oakland, California. Emailcyrus.farivar@arstechnica.com//Twitter@cfarivar